Task #1459
Updated by jcline@redhat.com almost 9 years ago
Lazy sync introduces several new WSGI applications, processes, files, etc. SELinux rules need to be written to support lazy.
The following processes are new:
* squid
- I expect this to already have an SELinux policy somewhere and we probably don't need to do anything.
* pulp_streamer
- Currently set to run as the 'apache' user.
- Launches a twistd application in /srv/pulp/streamer.tac
- Its systemd unit and init script can be found in the streamer package in pulp for more information
- Currently runs in the 'system_u:system_r:unconfined_service_t:s0' context
- Reads a configuration file at '/etc/pulp/streamer.conf'
- Communicates with MongoDB
In addition to those processes, there are two new WSGI applications:
* streamer_auth.wsgi
- Reads '/etc/pulp/server.conf'
- Loads the RSA public key specified in the 'authentication' section, 'rsa_pub' value in above config
* content.wsgi
- Reads '/etc/pulp/server.conf'
- Loads the RSA private key specified in the 'authentication' section, 'rsa_key' value in above config
- calls `os.path.realpath` on provided file paths. These links will be in /var/www/pub/<something> and should resolve to something in /var/lib/pulp/content
.